oxenos

I have just recieved an email to my home email address, apparently inviting me to buy chinese food. I say apparently because apart from the pictures, it is entirely in chinese.
However, it is addressed, in english, to oxenos, followed by my email address.
I was under the impression that there should be nothing to link my Pprune "tag" to my email address, so is there a problem with Pprune's security?

Milo Minderbinder

sounds possible
PM the mods as they probably won't see this thread
Only they or the sysadmins will know whether hacking the forum is possible

Rossian

.....a follow up about that dodgy watch you bought in Changi village. "Millie wel' know' fo' long memry, lah" I'd watch my six if I were you.

The Ancient Mariner

oxenos

At least my watch changed day and date at midnight, rossian. Weren't you the one who complained that his changed at lunchtime?

Rossian

....I bought mine from Sheikh Robbie in Sharjah. Three months bartering it took and I beat our FE to it by half an hour. Talk about p88sed off. (Does this constitute thread drift, for which I apologise?)

The Ancient Mariner

mixture

How secure is your password ? (might also be a good time to change both your prune and email passwords)

To quote Donald Rumsfeld....


i.e. the moderators/sysadmins will only know about the exploits they know about based on the software used, or based on what they are looking for (or penetration testing for). Stuff they're not looking for, or don't know about (e.g. zero day attacks) will simply fly under the radar.

Saab Dastard

Do you mean that the message was addressed to:

[email protected], or to your personal email address with "Dear Oxenos" or similar in the body of the email?

I have not seen any reports that the PPRuNe servers have been hacked.

Nor have I seen any other reports from anyone else that their registration / personal (non-PPRUNE) email address has been compromised.

This is not to say that it hasn't occurred, just that I haven't heard about it!

SD

oxenos

It was addressed to oxenos > myemailaddress. The body of the email was in chinese characters and pictures.

11Fan

oxenos,

I sent Clee a message. Clee is an Administrator for Internet Brands. I've not seen her here on PPRuNe but she's on Airline Pilot Central all the time and both APC and PPRuNe are owned by Internet Brands. Let's see if she responds.

Cheers,
11Fan

BrandiNettIB

We've got no reports of security breaches at PPRuNe. If that happens at one of our sites, usually my inbox blows up, and the effect around here is basically a five-alarm deal.

Oxenos, have you corresponded with anyone via email in which the name "Oxenos" was used?

One possibility is that your correspondent listed you as a contact in his email address book, and that his email got hacked.

11Fan

Thanks Clee

oxenos

CleeIB

"Oxenos, have you corresponded with anyone via email in which the name "Oxenos" was used?"

That's a possiblity. I will see what develops.

BOAC

The only other question at the moment is was the email address used the same as the one you are 'registered' under here or another? I suspect it is as CleeIB said in post #10 and one of your recipients has been hacked. I think if the server database has been 'hacked' we woud be flooded with these events.

If as above, little point in changing any passwords etc - just your 'friends'. I suspect no-one will have access to your email account.

BrandiNettIB

No problem, 11Fan. Thanks for the heads up.

Oxenos, keep us posted. BOAC has a good question, namely, which email address got the Chinese spam message. If it's different from the one you've set in your PPRuNe profile, then the issue is not with PPRuNe.

oxenos

The same one

Milo Minderbinder

Do you have that user name and e-mail address registered with any UK military contacts? There was something in the press last week (I've lost the link) of a hack releasing details of UK MOD contacts and their e-mail addresses

BOAC

To follow MM's query, then

Does anyone else know your pprune username?

Do you ever email anyone who does from the 'pprune address' using your username?

If not, then this needs looking at further.

Edit: I see you are 'active' on another site. Have you checked there?

Bushfiva

Although some email harvesting is done by actually, well, harvesting emails, much of it is done programatically. To shorten a very long story, proven good email addresses have the highest value. At a lower level, if for some reason bloggs at testdomain1.cem is found to be valid, then bloggs is tested against all other domains in inventory. Similarly, testdomain1.cem is tested against all other names in inventory. The logic is that there are going to be many people on the planet with the same username, and a domain is likely to have many users.

oxenos isn't a rare name at all, so I'd imagine your email address was generated as a semi-random pairing using the above method. In your case, I'd guess the source user was German or Greek.

The reason that washed lists are way more valuable than unwashed lists is not that the recipients are known good, per se, it's because the emails are more likely to evade ISP-level spam filters.

oxenos

The people who know who oxenos is are unlikely to have passed on my details.
I suspect Bushfiva has hit the nail on the head.

BOAC

- it is important to understand that this does not need to be a deliberate 'passing on'. IF any of your 'friends' (who have your name and email address together in an email) get one of the many email harvesting nasties onto their machine - job done - and they would never know. I'm sure PPRune's inner sanctum is secure!